Lucene search
K
MageiaRecent

6011 matches found

Mageia
Mageia
•added 2022/01/11 7:12 a.m.•98 views

Updated osgi-core/apache-commons-compress packages fix security vulnerability

When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. CVE-2021-35515 When reading a specially crafted 7...

7.5CVSS2.9AI score0.13292EPSS
Exploits0References7
Mageia
Mageia
•added 2022/01/11 7:12 a.m.•38 views

Updated ghostscript packages fix security vulnerability

Use-after-free in sampleddatasample called from sampleddatacontinue and interp. CVE-2021-45944 Heap-based buffer overflow in sampleddatafinish called from sampleddatacontinue and interp. CVE-2021-45949...

5.5CVSS2.5AI score0.01401EPSS
Exploits2References2
Mageia
Mageia
•added 2022/01/11 7:12 a.m.•38 views

Updated suricata packages fix security vulnerability

Critical evasion in suricata CVE-2021-35063...

7.5CVSS2.2AI score0.01973EPSS
Exploits0References6
Mageia
Mageia
•added 2022/01/11 7:12 a.m.•45 views

Updated squashfs-tools packages fix security vulnerability

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS2.7AI score0.025EPSS
Exploits2References8
Mageia
Mageia
•added 2022/01/05 10:45 p.m.•52 views

Updated gnome-shell packages fix security vulnerability

Drop extra capabilities from gnome-shell. They're optional and they break shutdown from the login screen with new glibs. CVE-2021-3982...

5.5CVSS1.7AI score0.00285EPSS
Exploits0References2
Mageia
Mageia
•added 2022/01/05 10:45 p.m.•162 views

Updated singularity packages fix security vulnerability

A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root. CVE-2021-29136 Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifyin...

6.8CVSS1.6AI score0.02085EPSS
Exploits0References6
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•78 views

Updated libgda5.0 packages fix security vulnerability

Fix missing TLS certificate verification. CVE-2021-39359...

5.9CVSS2AI score0.01102EPSS
Exploits0References2
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•82 views

Updated ntfs-3g packages fix security vulnerability

Security vulnerabilities were identified in the open source NTFS-3G and NTFSPROGS software. These vulnerabilities may allow an attacker using a maliciously crafted NTFS-formatted image file or external storage to potentially execute arbitrary privileged code, if the attacker has either local acce...

7.8CVSS3.9AI score0.00488EPSS
Exploits0References6
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•43 views

Updated gegl packages fix security vulnerability

Fix shell expansion via crafted pathname in the ImageMagick convert fallback...

7.8CVSS3.5AI score0.01439EPSS
Exploits0References3
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•96 views

Updated log4j packages fix security vulnerability

Apache Log4j2 is vulnerable to a remote code execution RCE attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed b...

8.5CVSS2.9AI score0.97906EPSS
Exploits9References3
Mageia
Mageia
•added 2022/01/03 7:36 a.m.•46 views

Updated wireshark packages fix security vulnerability

Several wireshark vulnerabilities have been fixed. See the release notes for details...

7.5CVSS2AI score0.03879EPSS
Exploits5References8
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•53 views

Updated calibre packages fix security vulnerability

ReDoS vulnerability in htmlpreprocessrules in ebooks/conversion/preprocess.py...

7.5CVSS2.1AI score0.04986EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•109 views

Updated libtpms/swtpm packages fix security vulnerability

CryptSym: fix AES output IV CVE-2021-3505. Fixed a context save and suspend/resume problem when public keys are loaded. Reset too large size indicators in TPM2B to avoid access beyond buffer CVE-2021-3623 Restore original value in buffer if unmarshalled one was illegal Fixed out-of-bounds access...

7.1CVSS2.8AI score0.00894EPSS
Exploits1References9
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•110 views

Updated nodejs packages fix security vulnerability

HTTP Request Smuggling due to spaces in headers. The http parser accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS. CVE-2021-22959 HTTP Request Smuggling when parsing the body. The parse ignores chunk extensions when parsing...

6.5CVSS0.4AI score0.02936EPSS
Exploits2References2
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•44 views

Updated python-lxml packages fix security vulnerability

HTML Cleaner allows crafted and SVG embedded scripts to pass through CVE-2021-43818...

8.2CVSS0.8AI score0.02456EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•41 views

Updated eclipse packages fix security vulnerability

Authenticate active help requests to the local help web server CVE-2020-27225...

7.8CVSS1.2AI score0.00336EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•38 views

Updated e2guardian packages fix security vulnerability

e2guardian did not validate TLS hostnames CVE-2021-44273...

7.4CVSS1.1AI score0.00962EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/30 4:41 p.m.•34 views

Updated toxcore packages fix security vulnerability

stack-based buffer overflow in handlerequest in DHT.c CVE-2021-44847...

9.8CVSS3.8AI score0.03954EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/29 7:12 p.m.•61 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the...

6.5CVSS0.8AI score0.00353EPSS
Exploits0References4
Mageia
Mageia
•added 2021/12/29 7:12 p.m.•67 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.11 and fixes at least the following security issues: netdevsim: Zero-initialize memory for new map's value in function nsimbpfmapalloc CVE-2021-4135. Potentially malicious XEN PV backends can cause guest DoS due to unhardened frontends in the guests,...

7.8CVSS0.2AI score0.00549EPSS
Exploits1References5
Mageia
Mageia
•added 2021/12/26 12:14 a.m.•66 views

Updated golang packages fix security vulnerability

net/http: limit growth of header canonicalization cache CVE-2021-44716 syscall: don't close fd 0 on ForkExec error CVE-2021-44717...

7.5CVSS1.8AI score0.03958EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/26 12:14 a.m.•51 views

Updated samba packages fix security vulnerability

Multiple security issues affecting ldb, samba and sssd. See references for details...

9CVSS2AI score0.01984EPSS
Exploits0References8
Mageia
Mageia
•added 2021/12/26 12:14 a.m.•56 views

Updated lapack/openblas packages fix security vulnerability

Fixes out of bounds read issue in larrv functions CVE-2021-4048...

9.1CVSS2.4AI score0.0262EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•52 views

Updated webkit2 packages fix security vulnerability

Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy. CVE-2021-30887 Processing maliciously crafted web content may lead to universal cross site scripting. CVE-2021-30890...

6.5CVSS1.8AI score0.01604EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•37 views

Updated thunderbird packages fix security vulnerability

OpenPGP signature status doesn't consider additional message content. CVE-2021-4126 Matrix chat library libolm bundled with Thunderbird vulnerable to a buffer overflow. CVE-2021-44538...

9.8CVSS3.2AI score0.01921EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•58 views

Updated ruby packages fix security vulnerability

Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...

9.8CVSS1.4AI score0.06307EPSS
Exploits6References9
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•15 views

Updated ldns packages fix security vulnerability

Heap out-of-bound read vulnerability in rrfrmstrinternal function Heap out-of-bound read vulnerability in ldnsnsec3saltdata function Fixed time memory compare for Openssl 0.9.8...

1.7AI score
Exploits0References2
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•44 views

Updated thrift/golang-github-apache-thrift packages fix security vulnerability

Malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service...

7.5CVSS2.4AI score0.06779EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•36 views

Updated php packages fix security vulnerability

Out of bounds in phppcrereplaceimpl CVE-2017-9118 Multiple bugs fixed. See referenced changelog for details...

7.5CVSS1.4AI score0.02954EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/23 9:1 p.m.•50 views

Updated netcdf packages fix security vulnerability

Multiple security issues found in ezXML, bundled in netcdf...

8.1CVSS2.4AI score0.01605EPSS
Exploits15References4
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•39 views

Updated x11-server packages fix security vulnerabilities

Updated x11-server packages fix security vulnerabilities: The handler for the CompositeGlyphs request of the Render extension does not properly validate the request length leading to out of bounds memory write CVE-2021-4008. The handler for the CreatePointerBarrier request of the XFixes extension...

7.8CVSS1.8AI score0.00571EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•63 views

Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially trigger a...

7.8CVSS1AI score0.00513EPSS
Exploits3References8
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•53 views

Updated apache-mod_security packages fix security vulnerability

Updated apache-modsecurity packages fix security vulnerability: ModSecurity mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large e.g., 300KB HTTP...

7.5CVSS0.5AI score0.03206EPSS
Exploits2References1
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•70 views

Updated kernel-linus packages fix security vulnerabilities

This kernel-linus update is based on upstream 5.15.10 and fixes at least the following security issues: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close and fget simultaneously and can potentially...

7.8CVSS3AI score0.00513EPSS
Exploits3References5
Mageia
Mageia
•added 2021/12/21 11:27 p.m.•71 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A crafted URI sent to httpd configured as a forward proxy ProxyRequests on can cause a crash NULL pointer dereference or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Uni...

9.8CVSS7.3AI score0.97108EPSS
Exploits4References4
Mageia
Mageia
•added 2021/12/20 8:32 p.m.•79 views

Updated log4j packages fix security vulnerability

Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...

5.9CVSS5.4AI score0.99999EPSS
Exploits20References1
Mageia
Mageia
•added 2021/12/19 4:13 p.m.•35 views

Updated olm packages fix security vulnerability

Updated olm packages fix security vulnerability: The olmsessiondescribe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of t...

9.8CVSS1.6AI score0.01921EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/19 4:13 p.m.•47 views

Updated privoxy packages fix security vulnerabilities

Updated privoxy packages fix security vulnerabilities: A security issue has been found in Privoxy before version 3.0.33. geturlspecparam did not free memory of compiled pattern spec before bailing CVE-2021-44540. A security issue has been found in Privoxy before version 3.0.33...

7.5CVSS1.5AI score0.01393EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/19 4:13 p.m.•14 views

Updated watchdog packages fix security issue

Updated watchdog packages fixes an issue with a memory leak when verbose mode is on...

2.6AI score
Exploits0References2
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•49 views

Updated vim packages fix security vulnerability

Updated vim packages fix security vulnerability: vim is vulnerable to Use After Free CVE-2021-4069...

7.8CVSS2AI score0.01293EPSS
Exploits1References1
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•124 views

Updated log4j packages fix security vulnerability

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS1.9AI score0.99977EPSS
Exploits40References3
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•43 views

Updated dovecot packages fix security vulnerabilities

Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...

7.5CVSS5.1AI score0.02837EPSS
Exploits0References8
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•38 views

Updated botan2 packages fix security vulnerability

Updated botan2 packages fix security vulnerability: The ElGamal implementation in Botan through 2.18.1, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the...

5.9CVSS2AI score0.01532EPSS
Exploits1References1
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•26 views

Updated hiredis packages fix security vulnerability

Updated hiredis packages fix security vulnerability: It was discovered that there was an integer-overflow vulnerability in hiredis, a C client library for communicating with Redis databases. This occurred within the handling and parsing of 'multi-bulk' replies CVE-2021-32765...

8.8CVSS1.6AI score0.02045EPSS
Exploits0References3
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•46 views

Updated chromium-browser-stable packages fix security vulnerabilities

Updated chromium-browser-stable packages fix security vulnerabilities. The chromium-browser-stable package has been updated to 96.0.4664.110 version that fixes multiples security vulnerabilities. One of these CVEs is known to be actively exploited. Insufficient data validation in Mojo...

8.8CVSS3AI score0.07836EPSS
Exploits0References2
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•48 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: == Security fixes == T292763. CVE-2021-44854 REST API incorrectly publicly caches autocomplete search results from private wikis. T271037, CVE-2021-44856 Title blocked in AbuseFilter can be created via Special:ChangeContentModel. T297322,...

7.5CVSS4.5AI score0.0135EPSS
Exploits1References2
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•42 views

Updated matio packages fix security vulnerability

Updated matio packages fix security vulnerability: A memory leak was discovered in MatVarCalloc in mat.c in matio 1.5.17 because SafeMulDims does not consider the rank==0 case CVE-2019-20052...

6.5CVSS2.1AI score0.01082EPSS
Exploits1References1
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•32 views

Updated pjproject packages fix security vulnerability

Updated pjproject packages fix security vulnerability: In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/ listener may get...

5.9CVSS1.1AI score0.02082EPSS
Exploits0References1
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•48 views

Updated keepalived packages fix security vulnerability

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...

5.5CVSS2.4AI score0.01159EPSS
Exploits0References6
Mageia
Mageia
•added 2021/12/19 12:26 p.m.•42 views

Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerability: Kishore Kumar Kothapalli discovered that the lame server cache in BIND, a DNS server implementation, can be abused by an attacker to significantly degrade resolver performance, resulting in denial of service large delays for responses for client...

5.3CVSS6.2AI score0.08001EPSS
Exploits0References3
Total number of security vulnerabilities6011